General
Target: 418c793d114ddcb9dac4b04b08b32c74858b47f9df654c43e10b687ab8442e1f
Size: 573KB
Sample: 221123-s6t9fadb82
MD5: c9c05cae0a7af3f0d2b4091682caa3e4
SHA1: 73ab52ec297aad007322feb4279605ac91ebb4e6
SHA256: 418c793d114ddcb9dac4b04b08b32c74858b47f9df654c43e10b687ab8442e1f
SHA512: ba77a67e8851a73f238fd1f940bc3a3696a54d0aa51217c021d771a29a4599e012720bc6bd27e57942e1fcd3196cebde39bb1e41337026f6f1e24cdb9b5b3965
SSDEEP: 12288:qRWNcr8oxnJ9yxBdBaHnQuQUxM0lpS0WIzdfGWVX5eow:ZNBIJQteQYMapS0W6de6W
Static task: static1
Behavioral task: behavioral1
Sample: 418c793d114ddcb9dac4b04b08b32c74858b47f9df654c43e10b687ab8442e1f.exe
Resource: win7-20221111-en
Malware Config
Extracted family: darkcomet
Campaign ID: Guest16 (the DarkComet builder default)
C2: jonas24.no-ip.biz:1630
Mutex: DC_MUTEX-FYQ3L58
InstallPath: MSDCSC\msdcsc.exe
gencode: oVsFPxtqM18C
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 418c793d114ddcb9dac4b04b08b32c74858b47f9df654c43e10b687ab8442e1f
Size: 573KB
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (the call pattern typical of process hollowing / RunPE-style injection)
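The extracted config (C2 host and port, InstallPath, reg_key) and the behaviour list above translate directly into a host-based sweep. The script below is an added example, not part of the sandbox report and not DarkComet's own code: it runs a few rules over constructed Sysmon-style events (Event ID 1 process create, 3 network connect, 13 registry value set) rendered in a simplified `Key=Value|Key=Value` text form so it works offline. DisableRegistryTools and DisableTaskMgr are the standard Windows policy values behind the two "Disables ..." signatures; that the Winlogon change is to Userinit or Shell, that the firewall change is to the AuthorizedApplications list, that MicroUpdate is written as a Run value name, and that MSDCSC sits under the user's Documents folder are assumptions, since the report names the behaviour but not the exact value.

```python
"""
Sweep Sysmon-style events for the DarkComet indicators in this report.

Added example: not part of the sandbox report and not DarkComet's code.
Events are a constructed, simplified 'Key=Value|Key=Value' rendering of
Sysmon Event ID 1 (process create), 3 (network connect) and 13 (registry
value set), so the script runs offline without a Windows host or Sysmon.
"""
import re
from typing import Dict, List, Tuple

# Indicators lifted from the extracted config above.
C2_HOST = "jonas24.no-ip.biz"
C2_PORT = "1630"
INSTALL_EXE = r"\MSDCSC\msdcsc.exe"   # InstallPath is relative; parent folder unknown, so match on the tail
RUN_VALUE = "MicroUpdate"              # reg_key; assumed to be the Run value name the RAT writes

# (signature name, regex on Sysmon TargetObject, require DWORD == 1).
# DisableRegistryTools / DisableTaskMgr are standard Windows policy values.
# Which Winlogon value (Userinit or Shell) and which firewall list DarkComet
# touched are assumptions: the report names the behaviour, not the value.
REGISTRY_RULES: List[Tuple[str, re.Pattern, bool]] = [
    ("Disables RegEdit/Task Manager via registry modification",
     re.compile(r"\\Policies\\System\\(DisableRegistryTools|DisableTaskMgr)$", re.I), True),
    ("Modifies WinLogon for persistence",
     re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I), False),
    ("Adds Run key to start application",
     re.compile(r"\\CurrentVersion\\Run\\" + re.escape(RUN_VALUE) + r"$", re.I), False),
    ("Modifies firewall policy service",
     re.compile(r"\\FirewallPolicy\\\w+Profile\\AuthorizedApplications\\List\\", re.I), False),
]


def parse_event(line: str) -> Dict[str, str]:
    """Split 'Key=Value|Key=Value' into a dict. Values keep spaces and backslashes."""
    event: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        event[key.strip()] = value.strip()
    return event


def match_event(event: Dict[str, str]) -> List[str]:
    """Return the signature names this single event satisfies (empty if benign)."""
    hits: List[str] = []
    event_id = event.get("EventID")
    image = event.get("Image", "").lower()
    if event_id == "1" and image.endswith(INSTALL_EXE.lower()):
        hits.append("Executes dropped EXE from InstallPath")
    elif event_id == "13":
        target = event.get("TargetObject", "")
        details = event.get("Details", "")
        for name, pattern, needs_one in REGISTRY_RULES:
            if not pattern.search(target):
                continue
            # A policy write of 0 is an admin re-enabling the tool, not a hit.
            if needs_one and "0x00000001" not in details:
                continue
            hits.append(name)
    elif event_id == "3":
        # The hostname is the strong indicator; the port alone is weak because
        # no-ip.biz dynamic DNS lets the operator move hosts, but a bare
        # 1630/tcp connect is still worth a look in this investigation.
        if event.get("DestinationHostname", "").lower() == C2_HOST or event.get("DestinationPort") == C2_PORT:
            hits.append(f"Connects to DarkComet C2 {C2_HOST}:{C2_PORT}")
    return hits


def sweep(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Run every event through the rules; return (signature, image, evidence) triples."""
    findings: List[Tuple[str, str, str]] = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        evidence = event.get("TargetObject") or event.get("DestinationHostname") or event.get("Image", "")
        for name in match_event(event):
            findings.append((name, event.get("Image", "?"), evidence))
    return findings


# Constructed sample telemetry: the first seven lines mirror the behaviour list
# above, the last two are benign noise (203.0.113.x are documentation addresses).
SAMPLE_EVENTS = r"""
EventID=1|Image=C:\Users\victim\Documents\MSDCSC\msdcsc.exe|ParentImage=C:\Users\victim\Downloads\418c793d114ddcb9dac4b04b08b32c74858b47f9df654c43e10b687ab8442e1f.exe
EventID=13|Image=C:\Users\victim\Documents\MSDCSC\msdcsc.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate|Details=C:\Users\victim\Documents\MSDCSC\msdcsc.exe
EventID=13|Image=C:\Users\victim\Documents\MSDCSC\msdcsc.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools|Details=DWORD (0x00000001)
EventID=13|Image=C:\Users\victim\Documents\MSDCSC\msdcsc.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr|Details=DWORD (0x00000001)
EventID=13|Image=C:\Users\victim\Documents\MSDCSC\msdcsc.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit|Details=C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe
EventID=13|Image=C:\Users\victim\Documents\MSDCSC\msdcsc.exe|TargetObject=HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\victim\Documents\MSDCSC\msdcsc.exe|Details=C:\Users\victim\Documents\MSDCSC\msdcsc.exe:*:Enabled:MSDCSC
EventID=3|Image=C:\Users\victim\Documents\MSDCSC\msdcsc.exe|DestinationHostname=jonas24.no-ip.biz|DestinationIp=203.0.113.10|DestinationPort=1630
EventID=13|Image=C:\Program Files\Microsoft OneDrive\OneDrive.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive|Details=C:\Program Files\Microsoft OneDrive\OneDrive.exe /background
EventID=3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationHostname=example.org|DestinationIp=203.0.113.20|DestinationPort=443
"""

if __name__ == "__main__":
    for name, image, evidence in sweep(SAMPLE_EVENTS.splitlines()):
        print(f"[{name}] {image} -> {evidence}")
```

Two things the sweep cannot see: the mutex DC_MUTEX-FYQ3L58 is not in Sysmon telemetry and has to be checked with a handle or memory scan of running processes, and the C2 is a no-ip.biz dynamic DNS name, so block and hunt on the hostname rather than on whichever address it resolved to during the run.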